Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1684 1 Episodex 1 Episodex Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in default.asp for episodex guestbook allows remote attackers to inject arbitrary web script or HTML via the Name field and other fields.
CVE-2005-1686 2 Gnome, Redhat 2 Gedit, Enterprise Linux 2026-04-16 N/A
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
CVE-2005-1687 1 Wordpress 1 Wordpress 2026-04-16 N/A
SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.
CVE-2005-1691 1 Sap 1 Sap R 3 2026-04-16 N/A
Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request.
CVE-2005-1692 1 Xine 1 Gxine 2026-04-16 N/A
Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers.
CVE-2005-1694 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter.
CVE-2005-1696 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module.
CVE-2005-1699 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter.
CVE-2005-1700 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter.
CVE-2005-1701 1 Portailphp 1 Portailphp 2026-04-16 N/A
SQL injection vulnerability in PortailPHP 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to the (1) News, (2) File, (3) Liens, or (4) Faq modules.
CVE-2005-1702 1 Black Cactus 2 Warrior Kings, Warrior Kings Battles 2026-04-16 N/A
Format string vulnerability in Warrior Kings: Battles 1.23 and earlier and Warrior Kings 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a nickname.
CVE-2005-1705 2 Gnu, Redhat 2 Gdb, Enterprise Linux 2026-04-16 N/A
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
CVE-2005-1706 1 Mailscanner 1 Mailscanner 2026-04-16 N/A
Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection.
CVE-2005-1707 1 Gentoo 1 Linux Webapp-config 2026-04-16 N/A
The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.
CVE-2005-1708 1 Bluecoat 1 Reporter 2026-04-16 N/A
templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true.
CVE-2005-1712 1 Sy9 1 Serendipity 2026-04-16 N/A
Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files.
CVE-2005-1721 1 Apple 1 Afp Server 2026-04-16 N/A
Buffer overflow in the legacy client support for AFP Server for Mac OS X 10.4.1 allows attackers to execute arbitrary code.
CVE-2005-1725 1 Apple 1 Mac Os X Server 2026-04-16 N/A
launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.
CVE-2005-1726 1 Apple 1 Mac Os X 2026-04-16 N/A
The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by "launching commands into root sessions."
CVE-2005-1727 1 Apple 1 Mac Os X Server 2026-04-16 N/A
Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."